<!DOCTYPE html>
<!-- saved from url=(0049)https://www.cnblogs.com/windclouds/p/5412970.html -->
<html lang="zh-cn"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta name="referrer" content="never">
    <meta http-equiv="Cache-Control" content="no-transform">
    <meta http-equiv="Cache-Control" content="no-siteapp">
    <title>disable_functions（禁用php函数） - windclouds - 博客园</title>
    <meta property="og:description" content="我们怎么来设置php禁止运行的函数呢？其实，我们可以在php.ini文件进行设置，如图 此时，我们可以看到，我的本地php环境中，并没用禁止任何php函数的运行，接下来，我们在本地运行以下代码：php">
    <link type="text/css" rel="stylesheet" href="./disable_functions（禁用php函数） - windclouds - 博客园_files/blog-common.css">
<link id="MainCss" type="text/css" rel="stylesheet" href="./disable_functions（禁用php函数） - windclouds - 博客园_files/bundle-BlueSky.css">
<link id="mobile-style" media="only screen and (max-width: 767px)" type="text/css" rel="stylesheet" href="./disable_functions（禁用php函数） - windclouds - 博客园_files/bundle-BlueSky-mobile.css">
    <link title="RSS" type="application/rss+xml" rel="alternate" href="https://www.cnblogs.com/windclouds/rss">
    <link title="RSD" type="application/rsd+xml" rel="EditURI" href="https://www.cnblogs.com/windclouds/rsd.xml">
<link type="application/wlwmanifest+xml" rel="wlwmanifest" href="https://www.cnblogs.com/windclouds/wlwmanifest.xml">
    <script async="" src="./disable_functions（禁用php函数） - windclouds - 博客园_files/analytics.js.下载"></script><script src="./disable_functions（禁用php函数） - windclouds - 博客园_files/jquery-2.2.0.min.js.下载"></script>
    <script>var currentBlogId=280877;var currentBlogApp='windclouds',cb_enable_mathjax=false;var isLogined=false;</script>
    <script src="./disable_functions（禁用php函数） - windclouds - 博客园_files/blog-common.js.下载" type="text/javascript"></script>
<link rel="preload" href="./disable_functions（禁用php函数） - windclouds - 博客园_files/f.txt" as="script"><script type="text/javascript" src="./disable_functions（禁用php函数） - windclouds - 博客园_files/f.txt"></script><script src="./disable_functions（禁用php函数） - windclouds - 博客园_files/pubads_impl_2019052001.js.下载" async=""></script></head>
<body>
<a name="top"></a>


<!--done-->
<div id="home">
<div id="header">
	<div id="blogTitle">
	<a id="lnkBlogLogo" href="https://www.cnblogs.com/windclouds/"><img id="blogLogo" src="./disable_functions（禁用php函数） - windclouds - 博客园_files/logo.gif" alt="返回主页"></a>			
		
<!--done-->
<h1><a id="Header1_HeaderTitle" class="headermaintitle" href="https://www.cnblogs.com/windclouds/">windclouds</a></h1>
<h2>web安全漏洞原理及实战（secbook）</h2>



		
	</div><!--end: blogTitle 博客的标题和副标题 -->
	<div id="navigator">
		
<ul id="navList">
<li><a id="blog_nav_sitehome" class="menu" href="https://www.cnblogs.com/">博客园</a></li>
<li><a id="blog_nav_myhome" class="menu" href="https://www.cnblogs.com/windclouds/">首页</a></li>
<li><a id="blog_nav_newpost" class="menu" rel="nofollow" href="https://i.cnblogs.com/EditPosts.aspx?opt=1">新随笔</a></li>
<li><a id="blog_nav_contact" class="menu" rel="nofollow" href="https://msg.cnblogs.com/send/windclouds">联系</a></li>
<li><a id="blog_nav_rss" class="menu" href="https://www.cnblogs.com/windclouds/rss">订阅</a>
<!--<a id="blog_nav_rss_image" class="aHeaderXML" href="https://www.cnblogs.com/windclouds/rss"><img src="//www.cnblogs.com/images/xml.gif" alt="订阅" /></a>--></li>
<li><a id="blog_nav_admin" class="menu" rel="nofollow" href="https://i.cnblogs.com/">管理</a></li>
</ul>
		<div class="blogStats">
			
			<div id="blog_stats">
<span id="stats_post_count">随笔 - 33&nbsp; </span>
<span id="stats_article_count">文章 - 0&nbsp; </span>
<span id="stats-comment_count">评论 - 1</span>
</div>
			
		</div><!--end: blogStats -->
	</div><!--end: navigator 博客导航栏 -->
</div><!--end: header 头部 -->

<div id="main">
	<div id="mainContent">
	<div class="forFlow">
		
        <div id="post_detail">
<!--done-->
<div id="topics">
	<div class="post">
		<h1 class="postTitle">
			<a id="cb_post_title_url" class="postTitle2" href="https://www.cnblogs.com/windclouds/p/5412970.html">disable_functions（禁用php函数）</a>
		</h1>
		<div class="clear"></div>
		<div class="postBody">
			<div id="cnblogs_post_body" class="blogpost-body"><p>我们怎么来设置php禁止运行的函数呢？<br><br>其实，我们可以在php.ini文件进行设置，如图</p>
<p>&nbsp;</p>
<p class="p"><img src="" alt=""></p>
<p class="p">&nbsp;</p>
<p>此时，我们可以看到，我的本地php环境中，并没用禁止任何php函数的运行，接下来，我们在本地运行以下代码：<br><br>phpinfo.php 源代码：<br><br>&lt;?php<br><br>&nbsp;phpinfo(); <br><br>?&gt;<br><br>开启浏览器访问，phpinfo信息正常显示的，如图</p>
<p>&nbsp;</p>
<p class="p"><span style="font-family: 宋体;"><img src="" alt=""></span></p>
<p class="p">&nbsp;</p>
<p>当我们将phpinfo函数disable掉之后，效果又是怎样的呢？<br><br>如图：</p>
<p>&nbsp;</p>
<p class="p"><img src="" alt=""></p>
<p class="p">&nbsp;</p>
<p class="p">重新启动Apache使该设置生效，然后，通过浏览器重新访问phpinfo.php文件，如图：</p>
<p class="p">&nbsp;</p>
<p class="p"><span style="font-family: 宋体;"><img src="" alt=""></span></p>
<p>看到了吗：Warning: phpinfo() has been disabled for security reasons in D:\WWW\phpinfo.php on line 2<br><br>说明我们已经将phpinfo函数成功禁用了，这样，或许系统就会更加的安全了。<br><br>如需禁用多个php函数，要用英文半角逗号分开，如下：<br><br>disable_functions = passthru,exec,system,popen,chroot,scandir,chgrp,chown,escapesh<br><br>ellcmd,escapeshellarg,shell_exec,proc_open,proc_get_status<br><br>建议在php.ini文件中禁用以上的这些php函数，要用的时候，再解禁。<br><br>我们可以使用MKDuse大牛写的一个php探针来检测我们安装的php环境中扩展/函数等开关的情况。<br><br>比如，我刚才禁用了phpinfo函数，则探针程序返回如下信息：</p>
<p>&nbsp;</p>
<p><span style="font-family: 宋体;"><img src="" alt=""></span></p>
<p>&nbsp;</p>
<p>是不是很好用呢，代码贴上，供大家参考：<br><br>dis_func.php 源代码：<br><br>&lt;?php<br><br>header("content-Type: text/html; charset=gb2312");<br><br>header("Cache-Control: no-cache, must-revalidate"); &nbsp;<br><br>header("Pragma: no-cache");<br><br>error_reporting(0);<br><br>ob_end_flush();<br><br>?&gt;<br><br>&lt;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&gt;<br><br>&lt;html xmlns="http://www.w3.org/1999/xhtml"&gt;<br><br>&lt;head&gt;<br><br>&lt;meta http-equiv="Pragma" content="No-cache" /&gt;<br><br>&lt;meta http-equiv="Expires" content="0" /&gt;<br><br>&lt;meta http-equiv="cache-control" content="private" /&gt;<br><br>&lt;meta http-equiv="Content-Type" content="text/html; charset=utf-8" /&gt;<br><br>&lt;title&gt;PHP 探针 v1.0&lt;/title&gt;<br><br>&lt;style type="text/css"&gt;<br><br>&lt;!--<br><br>body{text-align:center;margin-top:20px;background-color:#a9b674;}<br><br>#overview{width:700px;margin:0 auto;text-align:left;}<br><br>a{text-decoration:underline;color:#992700;}<br><br>.strong{color:#992700;}<br><br>.basew{width:300px;}<br><br>--&gt;<br><br>&lt;/style&gt;<br><br>&lt;/head&gt;<br><br>&lt;body&gt;<br><br>&lt;div id="overview"&gt;<br><br>&lt;div id="copyright"&gt;版权信息<br><br>&lt;a href="hello.php?typ=baseinfo"&gt;[基本信息]&lt;/a&gt; &lt;a href="hello.php?typ=superinfo"&gt;[高级信息]&lt;/a&gt;<br><br>&lt;?php<br><br>if (function_exists("phpinfo")){<br><br>&nbsp;&nbsp;&nbsp; echo'&lt;a href="hello.php?typ=phpinfo"&gt;[phpinfo]&lt;/a&gt;';}<br><br>echo'&lt;br /&gt;php探针v1.0 by MKDuse(blueidea-id)&lt;br /&gt;&lt;/div&gt;';<br><br>if (empty($_GET['typ'])){<br><br>&nbsp;&nbsp;&nbsp; baseinfo();}<br><br>else{<br><br>switch ($_GET['typ']){<br><br>case 'phpinfo':<br><br>phpinfoview();<br><br>break;<br><br>case 'superinfo':<br><br>superinfo();<br><br>break;<br><br>case 'baseinfo':<br><br>baseinfo();<br><br>break;<br><br>default:<br><br>baseinfo();}<br><br>}<br><br>function getime()<br><br>{<br><br>&nbsp; $t = gettimeofday();<br><br>&nbsp; return (float)($t['sec'] + $t['usec']/1000000);<br><br>}<br><br>function baseinfo(){<br><br>echo '&lt;h1&gt;基本信息&lt;/h1&gt;';<br><br>$arr[]=array("Current PHP version:",phpversion());<br><br>$arr[]=array("Zend engine version:",zend_version());<br><br>$arr[]=array("服务器版本",$_SERVER['SERVER_SOFTWARE']);<br><br>$arr[]=array("ip地址",$_SERVER['REMOTE_HOST']);//ip<br><br>$arr[]=array("域名",$_SERVER['HTTP_HOST']);<br><br>$arr[]=array("协议端口",$_SERVER['SERVER_PROTOCOL'].'&nbsp; '.$_SERVER['SERVER_PORT']);<br><br>$arr[]=array("站点根目录",$_SERVER['PATH_TRANSLATED']);<br><br>$arr[]=array("服务器时间",date('Y年m月d日,H:i:s,D'));<br><br>$arr[]=array("当前用户",get_current_user());<br><br>$arr[]=array("操作系统",php_uname('s').php_uname('r').php_uname('v'));<br><br>$arr[]=array("include_path",ini_get('include_path'));<br><br>$arr[]=array("Server API",php_sapi_name());<br><br>$arr[]=array("error_reporting level",ini_get("display_errors"));<br><br>$arr[]=array("POST提交限制",ini_get('post_max_size'));<br><br>$arr[]=array("upload_max_filesize",ini_get('upload_max_filesize'));<br><br>$arr[]=array("脚本超时时间",ini_get('max_execution_time').'秒');<br><br>if (ini_get("safe_mode")==0){<br><br>$arr[]=array("PHP安全模式(Safe_mode)",'off');}<br><br>else{<br><br>$arr[]=array("PHP安全模式(Safe_mode)",'on');}<br><br>if (function_exists('memory_get_usage')){<br><br>$arr[]=array("memory_get_usage",ini_get('memory_get_usage'));}<br><br>//$arr[]=array("可用空间",intval(diskfreespace('/')/(1024 * 1024))."M");<br><br>echo'&lt;table&gt;';<br><br>for($i=0;$i&lt;count($arr);$i++)<br><br>{<br><br>&nbsp;&nbsp;&nbsp; $overview='&lt;tr&gt;&lt;td class="basew"&gt;'.$arr[$i][0].'&lt;/td&gt;&lt;td&gt;'.$arr[$i][1].'&lt;/td&gt;&lt;/tr&gt;';<br><br>&nbsp;&nbsp;&nbsp; echo $overview;<br><br>}<br><br>echo'&lt;/table&gt;';<br><br>echo '&lt;h2&gt;服务器性能测试&lt;/h2&gt;';<br><br>echo'&lt;table&gt;&lt;tr&gt;&lt;td&gt;服务器&lt;/td&gt;&lt;td&gt;整数运算&lt;br /&gt;50万次加法(1+1)&lt;/td&gt;&lt;td&gt;浮点运算&lt;br /&gt;50万次平方根(3.14开方)&lt;/td&gt;&lt;/tr&gt;';<br><br>echo'&lt;tr&gt;&lt;td&gt;MKDuse的机子(P4 1.5G 256DDR winxp sp2)&lt;/td&gt;&lt;td&gt;465.08ms&lt;/td&gt;&lt;td&gt;466.66ms&lt;/td&gt;&lt;/tr&gt;';<br><br>$time_start=getime();<br><br>for($i=0;$i&lt;=500000;$i++);<br><br>{$count=1+1;}<br><br>$timea=round((getime()-$time_start)*1000,2);<br><br>echo '&lt;tr class="strong"&gt;&lt;td&gt;当前服务器&lt;/td&gt;&lt;td&gt;'.$timea.'ms&lt;/td&gt;';<br><br>$time_start=getime();<br><br>for($i=0;$i&lt;=500000;$i++);<br><br>{sqrt(3.14);}<br><br>$timea=round((getime()-$time_start)*1000,2);<br><br>echo '&lt;td&gt;'.$timea.'ms&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;';<br><br>?&gt;<br><br>&lt;script language="javascript" type="text/javascript"&gt;<br><br>function gettime()<br><br>{ &nbsp;<br><br>&nbsp; var time; &nbsp;<br><br>&nbsp; time=new Date();<br><br>&nbsp; return time.getTime(); &nbsp;<br><br>}<br><br>start_time=gettime();<br><br>&lt;/script&gt;<br><br>&lt;?php<br><br>echo '&lt;h2&gt;带宽测试&lt;/h2&gt;';<br><br>for ($i=0;$i&lt;100;$i++){<br><br>print "&lt;!--1234567890#########0#########0#########0#########0#########0#########0#########0#########012345--&gt;";}<br><br>?&gt;<br><br>&lt;p id="dk"&gt;&lt;/p&gt;<br><br>&lt;script language="javascript" type='text/javascript'&gt;<br><br>var timea;<br><br>var netspeed;<br><br>timea=gettime()-start_time;<br><br>netspeed=Math.round(10/timea*1000);<br><br>document.getElementByIdx("dk").innerHTML="向客户端发送10KB数据，耗时"+timea+"ms&lt;br /&gt;您与此服务器的连接速度为"+netspeed+"kb/s";<br><br>&lt;/script&gt;<br><br>&lt;?php<br><br>echo'&lt;h2&gt;已加载的扩展库(enable)&lt;/h2&gt;&lt;div&gt;';<br><br>$arr =get_loaded_extensions();<br><br>foreach($arr as $value){<br><br>&nbsp;&nbsp;&nbsp; echo $value.'&lt;br /&gt;';}<br><br>echo'&lt;/div&gt;&lt;h2&gt;禁用的函数&lt;/h2&gt;&lt;p&gt;';<br><br>$disfun=ini_get('disable_functions');<br><br>if (empty($disfun)){<br><br>&nbsp;&nbsp;&nbsp; echo'没有禁用&lt;/p&gt;';}<br><br>else{<br><br>echo ini_get('disable_functions').'&lt;/p&gt;';}<br><br>}//关闭<br><br>function superinfo(){<br><br>echo'&lt;h1&gt;高级信息&lt;/h1&gt;&lt;p&gt;PHP_INI_USER 1 配置选项可用在用户的 PHP 脚本或Windows 注册表中&lt;br&gt; PHP_INI_PERDIR 2 配置选项可在 php.ini, .htaccess 或 httpd.conf 中设置 &lt;br&gt;PHP_INI_SYSTEM 4 配置选项可在 php.ini or httpd.conf 中设置 &lt;br&gt;PHP_INI_ALL 7 配置选项可在各处设置&lt;/p&gt;';<br><br>$arr1=ini_get_all();<br><br>for ($i=0;$i&lt;count($arr1);$i++)<br><br>&nbsp;&nbsp;&nbsp; {<br><br>$arr2=array_slice($arr1,$i,1);<br><br>print_r($arr2);<br><br>echo '&lt;br /&gt;';<br><br>}<br><br>}<br><br>function phpinfoview(){<br><br>&nbsp;&nbsp;&nbsp; phpinfo();<br><br>}<br><br>?&gt;<br><br>&lt;/div&gt;<br><br>&lt;/body&gt;<br><br>&lt;/html&gt;<br><br>那么，是不是我们通过disable_functions来禁用了php相应函数，渗透测试的时候就没法使用相应的php函数了呢，比如我禁用了phpinfo函数，是否就没有其他的办法来直接运行phpinfo函数了呢？<br><br>答案是否。<br><br>我们可以通过dl函数来运行时加载一个php扩展，然后，运行扩展里面的php函数，从而达到绕过disable_functions设置的黑名单函数。<br><br>但是，前提是dl函数能够被执行，也就是说，dl函数是激活了的，enable_dl = Off（说明dl函数是处于非激活状态），如图：</p>
<p>&nbsp;</p>
<p class="p"><span style="font-family: 宋体;"><img src="" alt=""></span></p>
<p class="p">&nbsp;</p>
<p>enable_dl = Off，这样的设置会使php系统更加的安全。<br><br>接下来<br><br>证明：<br><br>如果通过disable_functions设置禁用了phpinfo函数，还有其他的办法可以直接运行phpinfo函数。<br><br>首先，我们要知道phpinfo这个函数在哪个php扩展里面：<br><br>&lt;?php<br><br>$arr = get_loaded_extensions();<br><br>foreach($arr as $key =&gt; $value)<br><br>{<br><br>echo $value;<br><br>echo ':';<br><br>print_r(get_extension_funcs($value));<br><br>echo '&lt;br /&gt;';<br><br>}<br><br>?&gt;<br><br>通过以上代码可知：phpinfo函数是standard扩展里面的第25个函数，如图：</p>
<p>&nbsp;</p>
<p class="p"><span style="font-family: 宋体;"><img src="" alt=""></span></p>
<p class="p">&nbsp;</p>
<p>此时，我们就可以验证以上的证明了，在渗透测试的时候，如果站点服务器禁用了phpinfo函数，而没有禁用dl函数，那么，我们可以自己手动上传一个standard扩展到站点的可写目录，然后，通过调用自己上传的standard扩展里的phpinfo函数，从而实现获取目标服务器的相关信息。<br><br>总结：<br><br>使用disable_functions设置禁用函数的黑名单。<br><br>在disable_functions设置的时候，记得第一件事就是先将dl函数禁止运行（设置enable = Off），然后，才是禁用其他的函数：如：exec，system，eval等等。<br><br>使用extension_loaded函数来检测一个php扩展是否已经加载，其对应的get方法get_loaded_extensions，是获取已经加载的所有php扩展，如果想开关该php扩展，可以在php.ini文件中设置。<br><br>get_extension_funcs函数可以返回某个已加载的php模块里面的所有函数。</p></div><div id="MySignature"></div>
<div class="clear"></div>
<div id="blog_post_info_block">
<div id="BlogPostCategory"></div>
<div id="EntryTag">标签: <a href="https://www.cnblogs.com/windclouds/tag/web%E5%AE%89%E5%85%A8/">web安全</a></div>
<div id="blog_post_info"><div id="green_channel">
        <a href="javascript:void(0);" id="green_channel_digg" onclick="DiggIt(5412970,cb_blogId,1);green_channel_success(this,&#39;谢谢推荐！&#39;);">好文要顶</a>
            <a id="green_channel_follow" onclick="follow(&#39;8da717da-b006-e611-9fc1-ac853d9f53cc&#39;);" href="javascript:void(0);">关注我</a>
    <a id="green_channel_favorite" onclick="AddToWz(cb_entryId);return false;" href="javascript:void(0);">收藏该文</a>
    <a id="green_channel_weibo" href="javascript:void(0);" title="分享至新浪微博" onclick="ShareToTsina()"><img src="./disable_functions（禁用php函数） - windclouds - 博客园_files/icon_weibo_24.png" alt=""></a>
    <a id="green_channel_wechat" href="javascript:void(0);" title="分享至微信" onclick="shareOnWechat()"><img src="./disable_functions（禁用php函数） - windclouds - 博客园_files/wechat.png" alt=""></a>
</div>
<div id="author_profile">
    <div id="author_profile_info" class="author_profile_info">
            <a href="https://home.cnblogs.com/u/windclouds/" target="_blank"><img src="./disable_functions（禁用php函数） - windclouds - 博客园_files/20160420192706.png" class="author_avatar" alt=""></a>
        <div id="author_profile_detail" class="author_profile_info">
            <a href="https://home.cnblogs.com/u/windclouds/">windclouds</a><br>
            <a href="https://home.cnblogs.com/u/windclouds/followees">关注 - 0</a><br>
            <a href="https://home.cnblogs.com/u/windclouds/followers">粉丝 - 8</a>
        </div>
    </div>
    <div class="clear"></div>
    <div id="author_profile_honor"></div>
    <div id="author_profile_follow">
                <a href="javascript:void(0);" onclick="follow(&#39;8da717da-b006-e611-9fc1-ac853d9f53cc&#39;);return false;">+加关注</a>
    </div>
</div>
<div id="div_digg">
    <div class="diggit" onclick="votePost(5412970,&#39;Digg&#39;)">
        <span class="diggnum" id="digg_count">0</span>
    </div>
    <div class="buryit" onclick="votePost(5412970,&#39;Bury&#39;)">
        <span class="burynum" id="bury_count">0</span>
    </div>
    <div class="clear"></div>
    <div class="diggword" id="digg_tips">
    </div>
</div>
<script type="text/javascript">
    currentDiggType = 0;
</script></div>
<div class="clear"></div>
<div id="post_next_prev"><a href="https://www.cnblogs.com/windclouds/p/5412926.html" class="p_n_p_prefix">« </a> 上一篇：<a href="https://www.cnblogs.com/windclouds/p/5412926.html" title="发布于2016-04-20 15:31">magic_quotes_sybase（魔术引号开关）</a><br><a href="https://www.cnblogs.com/windclouds/p/5413035.html" class="p_n_p_prefix">» </a> 下一篇：<a href="https://www.cnblogs.com/windclouds/p/5413035.html" title="发布于2016-04-20 15:45">safe_mode（php安全模式）</a><br></div>
</div>


		</div>
		<div class="postDesc">posted @ <span id="post-date">2016-04-20 15:37</span> <a href="https://www.cnblogs.com/windclouds/">windclouds</a> 阅读(<span id="post_view_count">2556</span>) 评论(<span id="post_comment_count">0</span>)  <a href="https://i.cnblogs.com/EditPosts.aspx?postid=5412970" rel="nofollow">编辑</a> <a href="https://www.cnblogs.com/windclouds/p/5412970.html#" onclick="AddToWz(5412970);return false;">收藏</a></div>
	</div>
	<script type="text/javascript">var allowComments=true,cb_blogId=280877,cb_entryId=5412970,cb_blogApp=currentBlogApp,cb_blogUserGuid='8da717da-b006-e611-9fc1-ac853d9f53cc',cb_entryCreatedDate='2016/4/20 15:37:00';loadViewCount(cb_entryId);var cb_postType=1;var isMarkdown=false;</script>
	
</div><!--end: topics 文章、评论容器-->
</div><a name="!comments"></a><div id="blog-comments-placeholder"></div><script type="text/javascript">var commentManager = new blogCommentManager();commentManager.renderComments(0);</script>
<div id="comment_form" class="commentform">
<a name="commentform"></a>
<div id="divCommentShow"></div>
<div id="comment_nav"><span id="span_refresh_tips"></span><a href="javascript:void(0);" onclick="return RefreshCommentList();" id="lnk_RefreshComments" runat="server" clientidmode="Static">刷新评论</a><a href="https://www.cnblogs.com/windclouds/p/5412970.html#" onclick="return RefreshPage();">刷新页面</a><a href="https://www.cnblogs.com/windclouds/p/5412970.html#top">返回顶部</a></div>
<div id="comment_form_container"><div class="login_tips">注册用户登录后才能发表评论，请 <a rel="nofollow" href="javascript:void(0);" class="underline" onclick="return login(&#39;commentform&#39;);">登录</a> 或 <a rel="nofollow" href="javascript:void(0);" class="underline" onclick="return register();">注册</a>，<a href="http://www.cnblogs.com/">访问</a>网站首页。</div></div>
<div class="ad_text_commentbox" id="ad_text_under_commentbox"></div>
<div id="ad_t2"><a href="http://www.ucancode.com/index.htm" target="_blank" onclick="ga(&#39;send&#39;, &#39;event&#39;, &#39;Link&#39;, &#39;click&#39;, &#39;T2-工控&#39;)">【推荐】超50万C++/C#源码: 大型实时仿真组态图形源码</a><br><a href="https://ke.qq.com/adActivity.html?name=xiangxueketang2" target="_blank" onclick="ga(&#39;send&#39;, &#39;event&#39;, &#39;Link&#39;, &#39;click&#39;, &#39;T2-享学&#39;)">【推荐】Java工作两年，一天竟收到33份面试通知</a><br><a href="https://q.cnblogs.com/" target="_blank" onclick="ga(&#39;send&#39;, &#39;event&#39;, &#39;Link&#39;, &#39;click&#39;, &#39;T2-博问&#39;)">【推荐】程序员问答平台，解决您开发中遇到的技术难题</a><br></div>
<div id="opt_under_post"></div>
<script async="async" src="./disable_functions（禁用php函数） - windclouds - 博客园_files/gpt.js.下载"></script>
<script>
  var googletag = googletag || {};
  googletag.cmd = googletag.cmd || [];
</script>
<script>
  googletag.cmd.push(function() {
        googletag.defineSlot('/1090369/C1', [300, 250], 'div-gpt-ad-1546353474406-0').addService(googletag.pubads());
        googletag.defineSlot('/1090369/C2', [468, 60], 'div-gpt-ad-1539008685004-0').addService(googletag.pubads());
        googletag.pubads().enableSingleRequest();
        googletag.enableServices();
  });
</script>
<div id="cnblogs_c1" class="c_ad_block">
    <div id="div-gpt-ad-1546353474406-0" style="height:250px; width:300px;"></div>
</div>
<div id="under_post_news"><div class="itnews c_ad_block"><b>相关博文：</b><br>·  <a href="https://www.cnblogs.com/shsgl/p/3952039.html" target="_blank" onclick="clickRecomItmem(3952039)">禁用php函数的设置</a><br>·  <a href="https://www.cnblogs.com/L-H-R-X-hehe/p/3990359.html" target="_blank" onclick="clickRecomItmem(3990359)">一些需要禁用的PHP危险函数(disable_functions)</a><br>·  <a href="https://www.cnblogs.com/linewman/p/9918773.html" target="_blank" onclick="clickRecomItmem(9918773)">一些需要禁用的PHP危险函数(disable_functions)</a><br>·  <a href="https://www.cnblogs.com/thingk/p/6802286.html" target="_blank" onclick="clickRecomItmem(6802286)">php危险的函数和类 disable_functions/class</a><br>·  <a href="https://www.cnblogs.com/iplus/archive/2012/07/09/4489963.html" target="_blank" onclick="clickRecomItmem(4489963)">禁用php函数的设置</a><br></div></div>
<div id="cnblogs_c2" class="c_ad_block">
    <div id="div-gpt-ad-1539008685004-0" style="height:60px; width:468px;"></div>
</div>
<div id="under_post_kb"><div class="itnews c_ad_block"><b>最新新闻</b>：<br> ·  <a href="https://news.cnblogs.com/n/625882/" target="_blank">中国电信 宕机 5 个小时：AWS、Azure、谷歌云、SAP等受影响</a><br> ·  <a href="https://news.cnblogs.com/n/625881/" target="_blank">高压出奇迹</a><br> ·  <a href="https://news.cnblogs.com/n/625880/" target="_blank">华为注册了整本山海经？这是专属于中国人的终极浪漫！</a><br> ·  <a href="https://news.cnblogs.com/n/625879/" target="_blank">松鼠AI联合AAAI发布AI诺贝尔奖 每年出资100万美金</a><br> ·  <a href="https://news.cnblogs.com/n/625878/" target="_blank">腾讯阿里决战车载互联网</a><br>» <a href="http://news.cnblogs.com/" title="IT新闻" target="_blank">更多新闻...</a></div></div>
<div id="HistoryToday" class="c_ad_block"></div>
<script type="text/javascript">
 if(enablePostBottom()) {
    codeHighlight();
    fixPostBody();
    setTimeout(function () { incrementViewCount(cb_entryId); }, 50);
    deliverT2();
    deliverC1();
    deliverC2();    
    loadNewsAndKb();
    loadBlogSignature();
    LoadPostInfoBlock(cb_blogId, cb_entryId, cb_blogApp, cb_blogUserGuid);
    GetPrevNextPost(cb_entryId, cb_blogId, cb_entryCreatedDate, cb_postType);
    loadOptUnderPost();
    GetHistoryToday(cb_blogId, cb_blogApp, cb_entryCreatedDate);  
}
</script>
</div>

    
	</div><!--end: forFlow -->
	</div><!--end: mainContent 主体内容容器-->

	<div id="sideBar">
		<div id="sideBarMain">
			
<!--done-->
<div class="newsItem">
<h3 class="catListTitle">公告</h3>
	<div id="blog-news"><div id="profile_block">昵称：<a href="https://home.cnblogs.com/u/windclouds/">windclouds</a><br>园龄：<a href="https://home.cnblogs.com/u/windclouds/" title="入园时间：2016-04-20">3年1个月</a><br>粉丝：<a href="https://home.cnblogs.com/u/windclouds/followers/">8</a><br>关注：<a href="https://home.cnblogs.com/u/windclouds/followees/">0</a><div id="p_b_follow"><a href="javascript:void(0);" onclick="follow(&#39;8da717da-b006-e611-9fc1-ac853d9f53cc&#39;)">+加关注</a></div><script>getFollowStatus('8da717da-b006-e611-9fc1-ac853d9f53cc')</script></div></div><script type="text/javascript">loadBlogNews();</script>
</div>

			<div id="blog-calendar" style=""><table id="blogCalendar" class="Cal" cellspacing="0" cellpadding="0" title="Calendar">
	<tbody><tr><td colspan="7"><table class="CalTitle" cellspacing="0">
		<tbody><tr><td class="CalNextPrev"><a href="javascript:void(0);" onclick="loadBlogCalendar(&#39;2019/04/01&#39;);return false;">&lt;</a></td><td align="center">2019年5月</td><td class="CalNextPrev" align="right"><a href="javascript:void(0);" onclick="loadBlogCalendar(&#39;2019/06/01&#39;);return false;">&gt;</a></td></tr>
	</tbody></table></td></tr><tr><th class="CalDayHeader" align="center" abbr="日" scope="col">日</th><th class="CalDayHeader" align="center" abbr="一" scope="col">一</th><th class="CalDayHeader" align="center" abbr="二" scope="col">二</th><th class="CalDayHeader" align="center" abbr="三" scope="col">三</th><th class="CalDayHeader" align="center" abbr="四" scope="col">四</th><th class="CalDayHeader" align="center" abbr="五" scope="col">五</th><th class="CalDayHeader" align="center" abbr="六" scope="col">六</th></tr><tr><td class="CalOtherMonthDay" align="center">28</td><td class="CalOtherMonthDay" align="center">29</td><td class="CalOtherMonthDay" align="center">30</td><td align="center">1</td><td align="center">2</td><td align="center">3</td><td class="CalWeekendDay" align="center">4</td></tr><tr><td class="CalWeekendDay" align="center">5</td><td align="center">6</td><td align="center">7</td><td align="center">8</td><td align="center">9</td><td align="center">10</td><td class="CalWeekendDay" align="center">11</td></tr><tr><td class="CalWeekendDay" align="center">12</td><td align="center">13</td><td align="center">14</td><td align="center">15</td><td align="center">16</td><td align="center">17</td><td class="CalWeekendDay" align="center">18</td></tr><tr><td class="CalWeekendDay" align="center">19</td><td align="center">20</td><td align="center">21</td><td align="center">22</td><td align="center">23</td><td align="center">24</td><td class="CalWeekendDay" align="center">25</td></tr><tr><td class="CalTodayDay" align="center">26</td><td align="center">27</td><td align="center">28</td><td align="center">29</td><td align="center">30</td><td align="center">31</td><td class="CalOtherMonthDay" align="center">1</td></tr><tr><td class="CalOtherMonthDay" align="center">2</td><td class="CalOtherMonthDay" align="center">3</td><td class="CalOtherMonthDay" align="center">4</td><td class="CalOtherMonthDay" align="center">5</td><td class="CalOtherMonthDay" align="center">6</td><td class="CalOtherMonthDay" align="center">7</td><td class="CalOtherMonthDay" align="center">8</td></tr>
</tbody></table></div><script type="text/javascript">loadBlogDefaultCalendar();</script>
			
			<div id="leftcontentcontainer">
				<div id="blog-sidecolumn"><div id="sidebar_search" class="sidebar-block">
<div id="sidebar_search" class="mySearch">
<h3 class="catListTitle">搜索</h3>
<div id="sidebar_search_box">
<div id="widget_my_zzk" class="div_my_zzk"><input type="text" id="q" onkeydown="return zzk_go_enter(event);" class="input_my_zzk">&nbsp;<input onclick="zzk_go()" type="button" value="找找看" id="btnZzk" class="btn_my_zzk"></div>
<div id="widget_my_google" class="div_my_zzk"><input type="text" name="google_q" id="google_q" onkeydown="return google_go_enter(event)" class="input_my_zzk">&nbsp;<input onclick="google_go()" type="button" value="谷歌搜索" class="btn_my_zzk"></div>
</div>
</div>

</div><div id="sidebar_shortcut" class="sidebar-block">
<div class="catListLink">
<h3 class="catListTitle">常用链接</h3>
<ul>
<li><a href="https://www.cnblogs.com/windclouds/p/" title="我的博客的随笔列表">我的随笔</a></li><li><a href="https://www.cnblogs.com/windclouds/MyComments.html" title="我发表过的评论列表">我的评论</a></li><li><a href="https://www.cnblogs.com/windclouds/OtherPosts.html" title="我评论过的随笔列表">我的参与</a></li><li><a href="https://www.cnblogs.com/windclouds/RecentComments.html" title="我的博客的评论列表">最新评论</a></li><li><a href="https://www.cnblogs.com/windclouds/tag/" title="我的博客的标签列表">我的标签</a></li>
</ul>
<div id="itemListLin_con" style="display:none;">
<ul>

</ul>
</div>
</div></div><div id="sidebar_categories">
<div id="sidebar_postarchive" class="catListPostArchive sidebar-block">
<h3 class="catListTitle">随笔档案</h3>

<ul>

<li><a id="CatList_LinkList_0_Link_0" href="https://www.cnblogs.com/windclouds/archive/2016/04.html">2016年4月 (33)</a> </li>

</ul>

</div>

</div><div id="sidebar_recentcomments" class="sidebar-block"><div id="recent_comments_wrap">
<div class="catListComment">
<h3 class="catListTitle">最新评论</h3>

	<div id="RecentCommentsBlock"><ul>
        <li class="recent_comment_title"><a href="https://www.cnblogs.com/windclouds/p/5412456.html#3537886">1. Re:渗透测试思路</a></li>
        <li class="recent_comment_body">博主那么多文章是抓取的吗？</li>
        <li class="recent_comment_author">--木讷</li>
</ul>
</div>
</div>
</div></div><div id="sidebar_topviewedposts" class="sidebar-block"><div id="topview_posts_wrap">
<div class="catListView">
<h3 class="catListTitle">阅读排行榜</h3>
	<div id="TopViewPostsBlock"><ul><li><a href="https://www.cnblogs.com/windclouds/p/5412665.html">1. AWVS介绍(16310)</a></li><li><a href="https://www.cnblogs.com/windclouds/p/5412888.html">2. magic_quotes_gpc（魔术引号开关）(4494)</a></li><li><a href="https://www.cnblogs.com/windclouds/p/5413231.html">3. 弱口令/敏感后台(3027)</a></li><li><a href="https://www.cnblogs.com/windclouds/p/5413254.html">4. 越权访问漏洞(2983)</a></li><li><a href="https://www.cnblogs.com/windclouds/p/5412970.html">5. disable_functions（禁用php函数）(2556)</a></li></ul></div>
</div>
</div></div><div id="sidebar_topcommentedposts" class="sidebar-block"><div id="topfeedback_posts_wrap">
<div class="catListFeedback">
<h3 class="catListTitle">评论排行榜</h3>
	<div id="TopFeedbackPostsBlock"><ul><li><a href="https://www.cnblogs.com/windclouds/p/5412456.html">1. 渗透测试思路(1)</a></li></ul></div>
</div>
</div></div><div id="sidebar_topdiggedposts" class="sidebar-block"><div id="topdigg_posts_wrap">
<div class="catListView">
<h3 class="catListTitle">推荐排行榜</h3>
<div id="TopDiggPostsBlock"><ul><li><a href="https://www.cnblogs.com/windclouds/p/5412665.html">1. AWVS介绍(1)</a></li></ul></div>
</div></div></div></div><script type="text/javascript">loadBlogSideColumn();</script>
			</div>
			
		</div><!--end: sideBarMain -->
	</div><!--end: sideBar 侧边栏容器 -->
	<div class="clear"></div>
	</div><!--end: main -->
	<div class="clear"></div>
	<div id="footer">
		
<!--done-->
Copyright ©2019 windclouds
	</div><!--end: footer -->
</div><!--end: home 自定义的最大容器 -->



</body></html>